[hcs-d] "Massive" DNS Vulnerability - Is it really that bad?

Joshua Kroll jkroll at hcs.harvard.edu
Tue Jul 8 19:15:07 EDT 2008

Does anyone else think this is a little silly?


We've known that DNS is vulnerable to spoofing for a long
time. Nothing has changed. There aren't even new attacks out there
(well, there are plenty of new DNS attacks, but they aren't this
heavy-handed). Wouldn't it be better to use a firewall that was clever
enough not to let 33,000 DNS packets through in only a few ms?

Maybe I'm just a DNS geek.


More information about the hcs-discuss mailing list